Monday, October 22, 2012

Scorched Earth was/is a great video game, but it was/is a
terrible role model for a political party.

As many of you may have noticed, I've been blogging less as of late - my wife and I have been very busy trying to get ready for the impending arrival of the Babycrat, and I have been so dispirited by this political season that I've been actively trying not to think about politics because all that does is piss me off - therefore, I've had neither much time nor desire to put fingers to keyboard, as it were.

But, I felt I needed to write something on this, the eve(ning) of the last Presidential debate, and something that I hope adds some intelligence to the general political discourse at the moment. Unfortunately, the mainstream media is all-consumed with the political horse-race - who is leading in this poll or that, who gaffed, who looked more or less at ease in this or that debate, etc. I say "unfortunately" because NONE OF THAT MATTERS - the only things that *should* matter in political elections are the candidates' concrete policies, since that's the only thing that will affect people after the election.

But that's about Romney himself, and reasonable people can disagree about what Romney's policies mean for their own personal lives and for the country in general.

However, I think it is less easy to disagree over the larger damage to U.S. democracy a Romney victory would cause, on account of HOW Romney will have won the Presidency - not because of WHO he is or WHAT he would do as President. There are two primary sources of this damage:

Unprecedented amounts of untraceable cash, most of it flowing to pro-Romney organizations, have spread unprecedented numbers of lies and misinformation about both Obama and Romney, subverting the democratic process and destroying the ability of the public to make political decisions based on facts - because with their unlimited money, these groups have divorced this political race from both history and the truth.

Even as the top 1% of income earners have gotten more of the economic pie, a subset of the 1% have decided to eschew their responsibility to the society that has enabled their success and have decided to spend hundreds of millions (or even billions - we don't know for sure) of dollars to install their chosen candidate as President. It's hard to imagine that Romney's campaign would have been as competitive as it has been (indeed, he might not have even been the Republican nominee) without all this untraceable money spewing lies on his behalf.

Given how both the Republicans and Supreme Court view this issue, the only way to change this situation is probably a Constitutional Amendment that defines "free speech" more precisely - which will likely never happen, at least not anytime soon. The only other possibility is not to reward the backers of these shadowy organizations with electoral victories.

A Romney victory would validate the scorched-earth politics of the Republican Party for the past four years, setting an extremely destructive precedent for how a party out-of-power can achieve electoral victory.

The Republicans have done their damnedest to make good on this promise - they have opposed Obama at every turn possible, trying to thwart every effort made by the Obama Administration and Democrats in Congress to improve the American economy, support job creation, make long-term investments (in education, infrastructure, research, or anything else), or accomplish anything else. Often, the Obama Administration did themselves no favors in this arena, but the Republicans almost certainly made the Great Recession deeper and longer than it otherwise would have been, thanks to their scorched-earth, take-no-prisoners tactics.

The American democratic system is built upon the concept of the loyal opposition - the American system has so many checks and balances that even a minority party can completely halt the political process, leading to total political gridlock if the minority party decides that it will, under no circumstances, cooperate with the majority party.

So, the Republicans have done their best to shut down the American policy-making process for the past four years, and now their electoral strategy is to blame Obama for the fact that nothing has gotten done in Washington in the past four years.

If it is shown that a minority party can regain power by shutting down the American political process and then blaming the party in power, we can anticipate at least a decade or two of weak Presidents, total political stalemates, nothing but kicking the can down the road, and continued American decline, until things finally get so bad that the voters demand a serious shake-up along the lines of amending the Constitution.

On November 6, I encourage you to think about how you want the American political system to function over the next couple of decades and think about whether you want to reward (1) the undisclosed super-wealthy who are attempting to purchase this election by spending unprecedented amounts of cash to spread unprecedented numbers of lies and misinformation and (2) a political party seeking to retake power through obstructionist, scorched-earth politics - and whether you want to accept, along with that, all of the implications that rewarding these people would have for the future of American democracy.

Instead of rewarding these groups and further damaging American democracy, I would encourage you to vote for the only moderate centrist in the Presidential race - President Barack Obama.

Don't reward the cockroaches - otherwise, they'll be all we have left in our political system.

In an ideal world, PINs would follow a uniform distribution - that is, people would use totally randomly assigned PINs - but of course, people don't do that. In fact, interesting patterns emerge when looking at PINs in the real world. One of the more interesting graphs from the PIN analysis:

This chart shows a couple of interesting things:

Numbers starting with 19xx are among the most popular PINs - almost certainly because people are using birth years or anniversaries as their PINs. Don't do this - it's very easy to find out the birthdays or anniversaries of yourself or your immediate family.

The most frequently used PINs are used a lot - one third of all PINs could be guessed by trying only 61 distinct combinations (many of which start with 19xx), and 50% of all PINs could be guessed with only 426 combinations (far different from the 5,000 guesses it would take if PINs were randomly distributed).

Someone put together an infographic with a bunch of useful information about how to improve your own PIN security. It's really amazing how many people use such weak PINs - no wonder that electronic theft is on the rise.

If you need to improve your PIN security, you can just use the random PIN generated by the bank when you sign up for a bank account, or you can use PWGen (see my previous post on security) to generate a random PIN yourself - just double-check it to make sure the PWGen program doesn't generate a random PIN that is one of the very popular PINs below.
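The double-check described above can be automated. This is an added example, not part of the original post and not PWGen's own code: it draws a 4-digit PIN from the operating system's secure random source and redraws whenever the result matches an obviously guessable pattern. The rejection rules are assumed heuristics (year-like 19xx/20xx values, repeated pairs, straight runs), not the popular-PIN list from the analysis.

```python
import secrets
from typing import Optional

ASCENDING = "0123456789"
DESCENDING = ASCENDING[::-1]


def weak_reason(pin: str) -> Optional[str]:
    """Return why a 4-digit PIN is easy to guess, or None if no rule matches.

    The rules below are assumed heuristics chosen for this example.
    """
    if len(pin) != 4 or not (pin.isascii() and pin.isdigit()):
        raise ValueError("expected exactly four digits")
    if pin[:2] in ("19", "20"):
        return "looks like a birth or anniversary year"
    if pin[:2] == pin[2:]:
        return "repeated pair or single repeated digit"
    if pin in ASCENDING or pin in DESCENDING:
        return "straight run of digits"
    return None


def generate_pin() -> str:
    """Draw uniformly from the PINs that pass weak_reason().

    Redrawing on rejection keeps every remaining PIN equally likely.
    """
    while True:
        candidate = f"{secrets.randbelow(10_000):04d}"
        if weak_reason(candidate) is None:
            return candidate


def allowed_pin_count() -> int:
    """How many of the 10,000 possible PINs survive the rules."""
    return sum(weak_reason(f"{n:04d}") is None for n in range(10_000))


if __name__ == "__main__":
    for sample in ("1984", "1212", "4321", "7305"):  # constructed samples
        print(sample, "->", weak_reason(sample) or "ok")
    print("new PIN:", generate_pin())
    print("PINs still available:", allowed_pin_count())
```

Rejecting these patterns removes only a few hundred of the 10,000 possible PINs, so the generated PIN stays close to uniformly random.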

Thursday, October 4, 2012

If you’re like the me from a few months ago, you have only a handful of passwords that you reuse on a bunch of different websites. Well, this is a really bad habit for your online security, because if your password on one website is hacked (and it’s almost certain that one of your passwords has been hacked, sometime, somewhere), then the hacker(s) can use that password to log in to your account on any other website where you’ve used the same password.

So, reusing passwords is a very, very bad habit. One that I too was guilty of. Well, that stops today.

Now that we have your computer, email, and browsing habits somewhat protected, it’s time to protect the rest of your online life - we’re going to use an excellent software package to make all of your passwords practically unhackable (and completely un-memorizable to boot). And no, doing this won’t cause never-ending frustrations - in fact, it will save you time in short order.

This is an awesome piece of software - start using it.

Seventh step - download and install Dashlane and PWGen - and Dashlane is also available for iPhones and Android, so you’ll want to install it on your smartphone too, if you have one.

Using these two programs together (Dashlane and PWGen), we can create completely random, practically unhackable, totally unique passwords for every online account you have.

Dashlane is my favorite password manager - mainly because it’s free to use on both desktops and Android smartphones, and I’ve read that its browser integration is better than other password managers. LastPass is another popular option, but you have to pay to get LastPass on your smartphone. The one drawback to Dashlane (which will likely be fixed in a future release) is that I don’t think that the random passwords generated by Dashlane are strong enough - hence the use of PWGen, a little open-source password generator.

Anyway, now comes the longest and most difficult part of using Dashlane - you have to log into every website you use (banking, personal finance, web forums, any email accounts other than Gmail, Facebook, LinkedIn, Twitter, etc.), change the password to a new, unique, random password generated by PWGen (preferably 20+ characters, a mix of upper- and lower-case letters, numbers, and symbols), and save the password in Dashlane. It probably took me 60-90 minutes to do this initial setup with the 50 or so web accounts that immediately came to mind (though my number of accounts in Dashlane has since grown to just over 100). It’s a bit of work, yes, but manageable - even my wife, who thinks I’m a bit paranoid when it comes to computer security, has gotten used to using Dashlane without a problem.

And here’s the awesome part - once you do that initial setup (thereby vastly increasing the security of your online passwords, since every web account you use now has a completely unique, random, practically unhackable password), you never have to log into a website again - Dashlane automatically fills out username and password forms and logs you in, saving you tons of time over the long-run. And if one of your passwords might have been compromised (e.g. like when LinkedIn was hacked a few weeks ago), Dashlane will inform you automatically and tell you that you need to change your password.

It is a strangely liberating feeling, not knowing any of my own passwords (except my Dashlane password, of course, which is very long and complicated, but it’s the only password I have to remember anymore), and Dashlane actually saves a lot of time - I never realized how much time I used to spend logging into websites until I didn’t have to do it anymore. And for those occasional times that you need to log in to a website while you’re away from your main computer, you can bring up the password on your smartphone to enter it manually.

Don't let this happen to you.

Eighth step - back up your important files. Note that I’m not really recommending that you back up ALL your files - for example, I don’t think it’s important to back up program files if you still have the install disks or can easily download the software from where you originally got it.

Instead, you should think about levels of file backup. Your most important files need to be on at least three separate media in at least two physical locations - for example, they need to be 1) on your main computer, 2) on an external drive, and 3) on an online cloud storage service. These are the files that are irreplaceable and that you would seriously regret losing - for me, these are all the files related to my undergrad and graduate education (some of which I still refer to often as a part of my job), my wedding photos, and other personal photos from all the adventures my wife and I have had together - and pictures of the Babycrat will be added to this list after she’s born.

The second level of backup are files that are replaceable but that it would be rather inconvenient to replace. For example, I also don’t think it’s important to have an online backup of music or movie files, since you can either re-rip the music from your original CDs or re-download your movies from Amazon, iTunes, or wherever you get your movies - and these files tend to be large, and most online storage solutions price by the gigabyte. But, they’d be a pain to replace, and external storage is cheap - so, you should have these files on your main computer and on an external drive, or on two different external drives, if you don’t keep stuff like that on your main computer.

The last level of backup are files that only exist on your main computer and therefore aren’t backed up - your operating system files, program files that you can easily reinstall, etc.

The lesson here is this: pretty much anything else you care about keeping needs to be on at least two separate media, and anything that you absolutely must keep needs to be on three separate media in two separate locations.
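One way to check that your most important files really meet the "three media, two locations" rule is to compare file hashes across the copies. This is an added example, not part of the original post; it assumes the external drive and the cloud service both appear as ordinary folders on your computer (for instance a sync folder), and the folder names and location labels are hypothetical.

```python
import hashlib
from pathlib import Path


def sha256_of(path: Path) -> str:
    """Hash a file in chunks so large photos and videos fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()


def audit_backups(primary, copies, primary_location="home",
                  min_media=3, min_locations=2):
    """Check every file under `primary` against its backup copies.

    `copies` maps a backup root (external drive, synced cloud folder)
    to a location label. Returns {relative path: problem description}.
    """
    primary = Path(primary)
    problems = {}
    for src in sorted(p for p in primary.rglob("*") if p.is_file()):
        rel = src.relative_to(primary)
        wanted = sha256_of(src)
        media, locations, stale = 1, {primary_location}, []
        for root, location in copies.items():
            candidate = Path(root) / rel
            if not candidate.is_file():
                continue  # no copy on this medium
            if sha256_of(candidate) == wanted:
                media += 1
                locations.add(location)
            else:
                stale.append(str(root))  # outdated or corrupted copy
        if stale:
            problems[rel.as_posix()] = "copy differs on: " + ", ".join(stale)
        elif media < min_media or len(locations) < min_locations:
            problems[rel.as_posix()] = (
                f"{media} media in {len(locations)} location(s)")
    return problems


if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:  # constructed sample tree
        base = Path(tmp)
        for name in ("pc", "usb", "cloud"):
            (base / name).mkdir()
        (base / "pc" / "wedding.jpg").write_bytes(b"photo")
        (base / "usb" / "wedding.jpg").write_bytes(b"photo")
        print(audit_backups(base / "pc",
                            {base / "usb": "home", base / "cloud": "offsite"}))
```

For the second level of backup (two media, any location), call it with `min_media=2, min_locations=1`.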

Backing files up properly may sound like a lot of work, but I was actually surprised at how few files I found to be important enough to back up online.

As far as WHERE to back up files online, Dropbox is very popular, though it doesn’t offer much storage space for free. Box.com is my personal favorite, but mainly because I joined Box.com through a promotion that gave me a whopping 50GB of storage space for free, and their normal free accounts offer much less. If you have more stuff to back up than you can conveniently store for free, I’d recommend Amazon’s new Glacier service, which offers very cheap, month-to-month, a-la-carte online backup services.

So, backing up your files will probably cost a little money, if you need to buy an external drive and/or pay something for online backup services. But, spending a little money to protect your most important files is better than losing all your files, photos, etc. to a house fire, hard drive failure, faulty wiring, etc.

My final recommendation for staying safe and anonymous online also costs money - a private VPN service. I introduced VPNs in a previous blog post, and I decided to expand that post into this full how-to for staying safe and anonymous online.

Protect your access to the internet.

VPNs allow you to keep any and all of your internet activity private from everyone (including your own internet service provider), except for the VPN company - therefore, it’s best to buy VPN service from a reputable company with a history of providing VPN services. However, your most important online activity (such as online banking) will stay private from even the VPN because of those sites’ use of SSL (which is in use whenever you see https in your browser address bar). Depending on the VPN service you choose, it also gives you the handy ability to make your computer appear like it is physically in a number of different countries around the world - and this can sometimes be very useful. For example, if you’re traveling and want to stream your Netflix movies while outside the USA, you usually can’t - but with a VPN, you can make Netflix think that you’re inside the USA, and you can watch the movies you’re paying for. Or, this past summer, if you were extremely dissatisfied with NBC’s coverage of the Olympics and wanted to watch the BBC’s coverage, the only way you could do this was by making your computer appear to be inside Great Britain - which is very easy to do with a VPN.

My personal recommendation is AirVPN, though there are other good VPN companies out there as well.

If you do all of the above, you’ll be safer and more anonymous online than 99% of internet users - and since thieves, hackers, and other unsavory online types generally target the easiest victims, these steps greatly decrease the odds that you will suffer some breach of security or privacy online.

Tuesday, October 2, 2012

This was the most ridiculous "scary hacker" picture I could find. Hackers 1) are
probably not as fit as this dude, in general; 2) would never wear a ski mask while
hacking, because that would be really silly, 3) would never try to use a touchpad
with a clawed hand, and 4) probably wouldn't be using an Apple computer.
Stock photo fail. Source.

My previous post on VPNs made me think that it would be a good idea and a valuable public service to outline to everyone exactly how I stay safe and anonymous online, as well as keep all my files safely backed up online - mostly for free! I’m a pretty savvy computer user, and I realize not everyone is - and many people out there will likely not have heard of a few of these tips and tricks below.

I’m writing this guide mostly as a step-by-step process, because in order to be safe, secure, and anonymous, you need to start from scratch - it’s possible that your computer has some sort of spyware installed (that you either know about or you don’t), and spyware by its very nature makes you less safe and anonymous online. I’m also writing this guide for Windows users, since 1) most people out there are Windows users, and 2) if you’re using Linux, a Mac, or other, you can find similar programs to the below yourself.

At least you don't have to reinstall Windows 7 every few months to keep it running smoothly,
like you did with every other version of Windows ever made.

So, first step - reinstall Windows on your computer, from scratch.

[You have all your stuff backed up already, right? So reinstalling Windows from scratch is easy to do, right? I know the answer for many of you is “no,” so wait until tomorrow's post (which includes how to do proper backups), back up your stuff properly, and then return to this step.]

Second step - download all the updates for Windows. May seem obvious, but some people don’t bother to do it. There will be a ton of them, so go get a coffee or something - it will take a while.

OK, so now we’ve got the basics - a relatively secure computer system upon which to build. Here’s where things get more interesting.

Fourth step - download and install a decent browser. I prefer Chrome, but Firefox or Opera are also good choices. All these browsers have a number of privacy-enhancing features, such as the ability to browse without leaving behind any trace of your browsing habits, the ability to clear all of your cookies and temporary files automatically or on-demand, etc.

Sixth step - now we start to get into the “anonymous” part of “staying safe and anonymous online.” Add the extension Disconnect to Chrome - this wonderful extension prevents third parties from tracking your browsing online, and it also anonymizes your Google searches automatically.

Optional add-ons for the sixth step - there are a few other addons for Chrome that give additional protection, but they are a little more intrusive and require a little more hands-on management. If you’re up to it, I recommend Adblock Plus, KB SSL Enforcer, and Kill Evil (you can Google those if you’re interested in any of them). Adblock Plus blocks ads (surprise, surprise), while SSL Enforcer forces sites to load over SSL if possible, and Kill Evil disables intrusive and malicious javascripts from loading on web pages. WARNING: these addons (especially SSL Enforcer and Kill Evil) can disable functionality on some websites, so they have to be manually disabled on some websites to make the websites usable. I can understand that this may be too much work for some people, but if you can manage these addons, they’ll make your browsing safer.

So, that's got us a secure computer, secure email, and a decent way to browse the internet. Tomorrow, we'll get into protecting all the rest of your online accounts, as well as backing up your files properly.

P.S. This is the second blog post I've written in the new Blogger interface, and I hate hate hate it. Why oh why do internet companies feel the need to break their app interfaces every few months?

About This Blog

I am one of the largely nameless, faceless bureaucrats who work tirelessly (and largely thanklessly) to help ensure that poor people don't go hungry - and a billion other tasks government bureaucrats do that no one notices until something stops working. Living and working in DC is making me angry - and I vent my anger as thoughtfully as I can. Well, OK, maybe I'm not terribly angry ... but I thought it was a good name for a blog. If you're also a bureaucrat, or angry, or thoughtful, I'm happy to entertain guest posts.